Application and communication platform for connectivity based services

ABSTRACT

Open, horizontal service platforms are described. Service providers can, via network operators, load software associated with a service onto a dedicated, service platform server. The service platform server is connected, via a LAN, to one or more remote devices (e.g., sensors, transducers, processors, etc.). The functionality associated with the service can be distributed among two or more of the entities involved in the architecture. The distributed software operates and/or monitors these remote devices to implement the subscribed service.

RELATED APPLICATIONS

[0001] This application is related to, and claims priority from U.S. Provisional Patent Application Serial No. 60/088,437, filed on Jun. 8, 1998 and U.S. Provisional Patent Application Serial No. 60/123,971, filed on Mar. 12, 1999, the disclosures of which are expressly incorporated here by reference.

BACKGROUND

[0002] The present invention generally relates to information and communication systems and, more particularly, to systems and methods for providing an open and horizontal platform to distribute and operate connectivity based services.

[0003] Recently, many advances have been made in the areas of information and communication technologies. For example, computers, and in particular personal computers, have radically changed the way in which information is manipulated and stored. Moreover, microprocessors are being incorporated into more and more products and are controlling an ever increasing number of processes in the modern world. It is not unusual today to find microprocessors controlling the household appliances we use daily, the automobiles we drive, and even the televisions and VCRs we view for entertainment. At the same time, communication systems continue to expand and develop. For example, in the last decade commercial wireless communication systems have become widely popular for personal communication services. Data communication services have rapidly become more widespread, as well. Notable among the proliferation of new data communication resources is the advent of the Internet.

[0004] Practitioners skilled in the information and communication arts frequently view the technologies of information and communication as rapidly becoming one integrated technology rather than two separate areas of research and development. As devices which process and manipulate data become further integrated with devices which communicate data, the potential to use such integrated technologies expands their applicability. For example, Applicants believe that in the near future the number and availability of connectivity based services, i.e., services which monitor or control the operation of remote devices, will rapidly increase.

[0005] For example, one form of connectivity based service might entail a utility company remotely monitoring and controlling the operation of a subscriber's devices which consume electricity. Other potential uses for connectivity based services include industrial equipment monitoring and control, building automation, safety and security of both commercial and residential environments, Internet access and electronic commerce, telephony services and mobile communications. However, to date, no integrated solution exists for handling the installation, maintenance, operation control and billing for such connectivity based services.

[0006] FIG. 1 depicts existing communication tools arranged by the degree to which each is dedicated to a particular function. FIG. 1 further lists positive and negative attributes of dedicated communication tools and multifunction communication tools. The communication tools of today may be described as belonging to a spectrum ranging from those devices having dedicated functionality and dedicated connections to those devices which are multifunctional and may have many communication connections to different input/output devices.

[0007] The sampling of current communication tools shown in FIG. 1 depicts modems and electricity meters at the dedicated end of the functionality spectrum. These devices have certain positive characteristics which include security of information transfer, reliability, ease of maintenance and relatively low cost. However, dedicated communication devices also tend to have the drawbacks that they possess little intelligence or memory and are not very flexible in that they typically have a single dedicated communication channel, provide a limited communication interface for end users and are not easily reconfigurable. Because of these drawbacks, dedicated communication devices are inadequate for use in delivering connectivity based services.

[0008] At the other end of the spectrum, today's personal computers provide a wide variety of information and communication services to the end user. These types of devices have the advantages of being relatively flexible with multiple communication interfaces, often have significant memories, and possess the capability to add new applications as they arise. However, in contrast to both personal computers and dedicated communication devices, multifunctional communication tools suffer from poor reliability, are relatively expensive, are difficult to maintain and support and typically require sophisticated user interaction in order to perform their desired functions and/or add new functionality. For these reasons, multifunctional communication devices are poorly suited for delivering connectivity based services.

[0009] Accordingly, Applicants recognize a need for a new platform to support the arrival of the anticipated plethora of connectivity based services which Applicants expect to be created in the wake of the evolution of the information and communication technologies. Such a platform should have as many of the positive characteristics of both dedicated and multifunctional conventional communication tools as possible, with as few of the drawbacks as possible.

SUMMARY

[0010] These and other drawbacks and limitations of conventional information and communication systems are overcome according to the present invention wherein a platform for connectivity based services is provided in the form of a service gateway system.

[0011] Accordingly, it is a purpose of the present invention to provide secure, robust connectivity based service gateway or services platforms. It is a further purpose of the present invention to provide a flexible system for remotely managing the service gateways, while maintaining compatibility with existing information and communication technologies, protocols and interface standards. It is a further purpose of the service gateway system to allow multiple service gateway applications to simultaneously operate without detrimentally affecting each other. It is a further purpose of the service gateway system to be able to cease operations and restart from any level, regardless of whether operations are ceased purposely or inadvertently (e.g., crash). It is a further purpose of the service gateway system that all configurations be persistent, and be either locally or remotely downloadable.

[0012] The service gateway system according to the present invention facilitates the development, implementation, operation and maintenance of services in an integrated manner so that the interface between different services providers and the end user is transparent to both. Each service may comprise a set of functionalities and logic which are implemented as software service applications. The service application may be distributed among various pieces of equipment which are geographically separated. Implemented in the software are functions designed to monitor, control and otherwise interact with remote devices in a manner which can be easily monitored by the service provider, the end user, and, potentially, other intermediary operators.

[0013] Service gateways according to the present invention are dedicated and scalable so that many different types of services can be implemented efficiently using the same service gateway. Service gateways according to the present invention are preferably open platforms to allow for the development of service applications by third party developers. Moreover, standard communication protocols and programming languages may be used in order to facilitate such software service applications development. In addition to being open platforms, service gateways according to the present invention are intended to be horizontal in nature so that a plurality of service providers can share the same platform infrastructure. While sharing the same infrastructure, the service applications can be modularized so that from the perspective of the service providers, a service gateway according to the present invention will appear as if it is dedicated to each service provider's respective service.

[0014] Service gateways according to the present invention are preferably operated, maintained and supported by a business entity rather than end users or subscribers, in order to provide ease of operation, maintenance and support with respect to the end user and promote security and reliability of the services which are deemed to be significant characteristics of service gateways according to the present invention. The business entity which performs the operation, maintenance and support of the service gateways may be different from the entity which actually provides the services being subscribed to by end users. The end user may be an individual, a residence, a business or any other type of entity.

[0015] Service gateways according to the present invention are intended to be generic in many ways in order to support different types of services and different types of equipment which provide those services. For example, multiple types of access solutions are envisioned according to the present invention including those involving local area networks and external networks. Various types of terminals may be used to link with service gateways according to the present invention to obtain information about an implemented service or about results associated with such service. Interaction with the implemented service is separated from implementation of the service itself. Given the wide variety of communication devices available today, and a desire to support these various devices as terminals which may access service gateways according to the present invention, various types of output are supported including different types of display sizes.

[0016] According to exemplary embodiments of the present invention, service gateway equipment can be connected to a local area network through which the service may be implemented. By providing, as part of the service gateway, such service gateway equipment, services can be personalized and adapted to individual users or entities. Moreover, by localizing some of the functionality of each service proximate the remote devices which are controlled or monitored to actually implement the service (i.e., in the dedicated platform servers), bandwidth associated with each communication link used to implement the service may be efficiently controlled.

BRIEF DESCRIPTION OF THE DRAWINGS

[0017] The foregoing objects, features and advantages of the present invention will be more readily understood upon reading the following detailed description in conjunction with the drawings in which:

[0018] FIG. 1 depicts existing communication tools arranged by the degree to which each is dedicated to a particular function;

[0019] FIG. 2 depicts an exemplary embodiment of the present invention in which a service gateway system provides a platform for connectivity based services;

[0020] FIG. 3 depicts various potential service providers and connectivity based services;

[0021] FIG. 4 illustrates an exemplary mobile embodiment of the present invention;

[0022] FIG. 5 depicts another mobile embodiment of the present invention; and

[0023] FIG. 6 depicts an exemplary organization of a software system for providing a connectivity based service gateway according to the present invention.

DETAILED DESCRIPTION

[0024] In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular circuits, circuit components, techniques, etc. in order to provide a thorough understanding of the present invention. However, it will be apparent to one skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known methods, devices, and circuits are omitted so as not to obscure the description of the present invention.

[0025] FIG. 2 depicts an exemplary embodiment of the present invention in which a service gateway system provides a platform for connectivity based services. In this disclosure the terms “gateway” and “platform” are used interchangeably in reference to the present invention. The term “service gateway system” denotes the entire system shown in FIG. 2, from the service providers through a communication network to the end device such as a household appliance. The term “service gateway” refers to a platform serving one end user. Those skilled in the art will, of course, appreciate that the example depicted in FIG. 2 is merely illustrative in many senses and that service gateways according to the present invention are equally applicable to business and other uses. Various configurations of the present invention are possible, each of which is intended to result in a secure, robust, and compatible system of connectivity based service gateways which may be remotely managed. The reasons underlying the need for a secure, robust, compatible, remotely managed system of connectivity based service gateways, as shown in FIG. 2, are outlined in the ensuing paragraphs.

[0026] The need for security stems from the fact that the service gateway system is accessed by and shared with multiple service providers and service gateway users. In addition, the nature of the services provided via the service gateway system, which are discussed further in conjunction with FIG. 3, dictates that the system be secure to be of value to the user. One aspect of security is that multiple service applications should be able to simultaneously operate without detrimentally affecting each other. To achieve this, mechanisms for authentication, authorization and access control are integrated within the service gateway system design. The service gateway system should be secure so that it is not susceptible to software viruses to which the system may be inadvertently or purposely exposed.

[0027] In addition to being secure, a service gateway should be highly robust. There are two primary reasons underlying the desirability of a robust service gateway system. These two reasons lead to the two forms of robustness that a service gateway should exhibit. First, reliability and cost issues make it desirable for a service gateway to have a relatively long expected lifetime (e.g., potentially 10 or more years). For this reason, service gateway hardware should be robust enough to ensure reliability for such a lifetime. Second, multiple service providers may use the same infrastructure. Because of this, the service gateway should also be robust with respect to software errors and viruses introduced by the service providers. This second aspect of robustness affects the aforementioned security feature in that it prevents operation of a service application from disrupting other service applications, thus ensuring integrity of the service gateway system.

[0028] The need for remote service gateway management arises due to the logistics of managing an extensive network of geographically dispersed service gateways. The service gateway network may potentially range from several hundred thousand to millions of service gateway units. At least some of the many service gateways will be installed in places not easily accessible. It would be logistically difficult to physically access all service gateways in order to, for instance, upgrade software, supervise operations, and detect errors. Therefore, the ability for a service gateway to be managed remotely in as many ways as possible is desirable.

[0029] Another desirable characteristic of the service gateway design is that it be compatible with established communications standards, protocols, interface specifications and technologies. In addition to enhancing communication and interfacing among various systems, service gateway compatibility potentially opens third-party markets for service gateway hardware and services. However, specialized portions of the service gateway system may be specifically designed and developed.

[0030] The major components of an exemplary service gateway system embodiment for residential use are depicted in FIG. 2. As shown, a local area network 10 may be provided in a residence for communicating with and controlling a plurality of sensors, appliances and instruments. Those depicted include a thermostat 12, a clothes washing/drying appliance 14, a coffee maker 16, and a telephone 18. Again, these particular sensors and appliances are depicted merely as examples. A plethora of other types of remote devices will be readily apparent to those skilled in the art. In practice, the sensors, appliances and instruments may take the form of any equipment or device capable of being connected to a computer. Such equipment or devices may include, for example, simple sensors and actuators, appliances, audio and video entertainment and information systems, as well as more complex terminal equipment. One or more local clients 20 may also be attached to the local area network 10 associated with a residence. The local clients 20 may, for example, include a personal computer or a home base station associated with a localized cellular radio-communication system. Service gateways according to the present invention are intended to operate in conjunction with any type of local area network (LAN) including, for example, those based on Ethernet, IR, short distance wireless radio, CEBus, Lonworks, X10 or any other communication protocols.

[0031] Another part of the service gateway system connected to the local area network 10 is a service platform server 22. The service platform server 22 is the hardware portion of a service gateway or services platform. The service platform server 22 serves as an edge server which may be installed at the user location. According to exemplary embodiments of the present invention, the service platform server 22 is, preferably, directly connected to the local area network 10, for instance, by Ethernet cable. Alternatively, the service platform server 22 may be connected to the local area network 10 through a modem or other gateway connection. The service platform server 22 interacts with the local area network 10 and remote devices connected thereto, e.g., remote devices 12-18, to implement connectivity based services according to the present invention.

[0032] Although it may be physically closer to the local area network 10 than a network operator server 24, the service platform server 22 may be logically considered as a node associated with the network operator rather than the local area network since the service platform server 22 is preferably not open to control or commands from the local area network 10 or, more specifically, from any of the remote devices 12-18 or the local client 20. Instead, control for maintenance, operation and support of the service platform server 22 is preferably performed by the network operator. This ensures ease of operation, maintenance and support with respect to the end user and promotes secure and reliable performance of the services.

[0033] The service platform server 22 may contain all or part of a software application or applications which are used to implement one or more connectivity based services which have been requested and/or subscribed to by the end user, a residential user in this example. The service platform server 22 may include software which communicates with or performs services that interact with one or more of the remote devices 12-18. For instance, such software may facilitate an environmental control service which interacts with the thermostat 12, a laundry service which interacts with the clothes washing/drying appliance 14, a coffee service which interacts with the coffee maker 16 or telephony services which interact with the telephone 18. Telephony services software may interact with the user's landline and/or wireless telephone companies for services such as billing, special calling plans or communication features (e.g., call waiting, voicemail, answering services, etc.), or for services such as Internet protocol telephony. The service platform server 22 may also contain software which, at least in part, implements a service which interacts with the local client(s) 20 of the local area network 10. Further discussion of service gateway software functionality is provided in conjunction with FIG. 6.

[0034] According to exemplary embodiments of the present invention, a network operator associated with network operator server 24 is responsible for the operation, maintenance and support of the service platform servers 22 of various end users. Like today's Internet service providers (ISPs) which act as intermediaries between personal computer users and the Internet, network operators using the network operator servers 24 may act as intermediaries between service providers and the end users of those services as illustrated in FIG. 2. Various corporate entities may function as network operators according to the present invention, including, for example, communication utilities such as public telephone companies, communication companies, etc. In the embodiment where network operators act as intermediaries between service providers and end users, the service platform server 22 may be directly connected to the network operator server 24 associated with the network operator. The network operator server 24 equipment may include one or more servers, i.e., relatively powerful computers operating in conjunction with one or more secondary storage devices. The connection between the network operator server 24 and the service platform server 22 may be wire-based or wireless. Alternatively, the service platform server 22 may be connected to the network operator server 24 via the Internet or other communication network.

[0035] In any event, the network operator server 24 will be connected to at least one service provider equipment 34 via some communication network, e.g., Internet 26. The service gateway system architecture does not require that a particular type of external network be used, nor does it specify the access technology used. In practice, the external network may be an Internet protocol (IP) network such as the Internet 26, or other network technology (PSTN, ISDN, cable, wireless, etc.). Because the service gateway system is not limited to a particular technology or protocol, it can evolve freely with respect to access technology. The service provider equipment 34, which may include computer systems or servers, may be the initial repository for software used to implement connectivity based services according to the present invention. Exemplary techniques are described below in which these services are implemented upon request.

[0036] Users may remotely interact with implemented services. FIG. 2 illustrates two examples of remote user interaction as remote terminals 28 and 30. For example, a service user/subscriber may operate one of the remote terminals 28 and 30 to obtain information associated with the operation of the service or change operating parameters associated with the service, e.g., monitoring results of the thermostat 12 or changing temperature settings. Some remote terminal devices, such as the remote terminal 28, may be connected to the Internet or to the service platform server 22 via intermediary communication networks. For instance, in the case where the remote terminal 28 is a mobile phone used in a cellular network, then the intermediary communication network might be, for example, a Global System for Mobile Communication (GSM) cellular radio communication system 32.

[0037] The size and nature of the output devices, e.g., a display associated with various remote terminals 28 and 30, may differ in either the type of output available or the amount of information which can be output at any given time. To accommodate various display capabilities, the service gateway tailors the format of information received from implemented services to the capabilities of the terminal device being used. For example, the remote terminal 28 having a relatively small display may receive information in a first format tailored to that display while the same request generated by the remote terminal 30 having a larger display may result in different information and/or format being presented. Object-oriented programming techniques designed to provide, among other things, these different types of outputs may be found in International Patent Application WO 9623267 to Hans Thorsen, published on Aug. 1, 1996, the disclosure of which is hereby incorporated by reference. Service gateways may also be provided via a wireless application protocol (WAP) server to tailor the capabilities of the user terminal to meet the user's needs. In the case of a mobile remote terminal 28, the short message system protocol (SMS) may be used to adapt the terminal.

[0038] According to an exemplary embodiment of the present invention, the user is able to adapt the display layout of the user's own display to best suit his needs. For instance, the user may adjust display controls for, e.g., language settings, size, brightness, display position and orientation, and audible or visible indicators and/or alarms.

[0039] Having briefly described an exemplary architecture by which connectivity based services can be supported according to the present invention, an example will now be provided to illustrate how these services can be implemented using distributed processing techniques. Suppose that an end user associated with the local area network 10 contacts service provider #1 which has advertised a service designed to monitor household temperatures and control heating and cooling equipment connected to a local area network to implement a residential user's desired temperature patterns at various times of day, days of the year, etc. This service provider also touts its connectivity based service as being remotely monitorable and adjustable by the residential user using remote terminals. The residential user may enter into an agreement to subscribe to the service with service provider #1 in any conventional manner, such as mail, e-mail, or over the telephone.

[0040] Once the residential user has been confirmed as a subscriber, then service provider #1 will inform the network operator server 24 responsible for maintaining and controlling that residential user's service platform server 22. The service can be implemented in various ways depending upon where the software currently resides which is used to implement the service. If, for example, this environmental service offered by service provider #1 is commonly requested by residential users, then the portion of the software used to implement this service which would normally reside on the service platform server 22 may have already been preloaded thereon, in which case the network operator server 24 may simply activate that software by way of a command signal to service platform server 22. Otherwise, the network operator server 24 may download all or part of the software associated with that service to the service platform server 22, whereupon the service platform server 22 can run the newly loaded software to control the thermostat 12 and other remote devices connected to the local area network 10 which are associated with the environmental service for that residential user. In an alternative embodiment, the user may purchase a smart card at a retail outlet or via the mail. The smart card contains the software necessary to implement the desired service. The smart card is inserted either into the service platform server 22 at the user's premises or into the local client 20 which communicates with the service platform server 22. Insertion of the smart card results in implementation of the service, with the service platform server 22 being prompted to contact the network operator 24 for any additional software or settings required to implement the service.

[0041] If a service is brand new, or infrequently requested, the network operator server 24 may need to receive some portions of the service application software from the service provider #1 via the Internet 26. Having received the associated software, the network operator can then download some or all of that software to the service platform server 22. As mentioned earlier, Applicants envision that implementation of connectivity based services according to the present invention may take advantage of distributed processing techniques whereby a service may be implemented using software operating on two or more of the servers or processors associated with the architecture illustrated in FIG. 2. For example, a first portion of software associated with the environmental service described above may reside permanently on the #1 service provider equipment 34. A second portion of the software used to implement environment control in the end user's residence may reside as part of the network operator server 24. Likewise, a third portion of the software used to implement this service may reside on the service platform server 22. The distribution of software used to implement any particular service will, of course, depend upon the nature of the service, the nature of the software, and the bandwidth associated with various information transfer needed to implement the desired service. For example, for services which implement a relatively rapid feedback control loop, it may be desirable to provide most or all of the software associated with the feedback control loop directly on the service platform server 22 so that the high data rate/bandwidth communication associated with this portion of the service is confined to communication between the geographically local service platform server 22 and the local network 10, rather than the service provider equipment 34 or the network operator server 24, likely to be more distantly located. Rather than being distributed over all three pieces of equipment, those skilled in the art will appreciate that software may be distributed between the network operator server 24 and the service platform server 22, or between the service provider equipment 34 and the service platform server 22, or any other combination of processors deemed desirable.

[0042] Moreover, it is envisioned that in addition to the functionality which is directly associated with the implementation of a particular service, e.g., turning on an air conditioning unit or a heater in connection with an environmental control service, other software modules or service applications may be designed solely to maintain that service. For example, to maintain and control an environmental service, the network operator server 24 may contain other software modules which monitor implementation of the environmental control software on the service platform server 22. This may include, for example, software which records the frequency with which thermostat 12 is operated or adjusted or diagnostic software which monitors the various components, e.g., the service platform server 22 itself, the local area network 10 and the thermostat 12, which are needed to implement the service software stored, at least in part, on the service platform server 22. The capability and responsibility of the network operator server 24 to handle control for operation, maintenance and support of the service implementation is intended to provide enhanced security, reliability and ease of use to the end user of connectivity based services according to the present invention.

[0043] As mentioned earlier, service gateways according to the present invention are intended to appear dedicated to each service provider, but in fact reuse infrastructure to support multiple connectivity based services supported by different service providers. Thus, to extend the foregoing example, the residential user having the local area network 10 may also request from service provider #2 certain telephony services which are used to operate, control and monitor the telephone 18. Upon subscription to this service in the same manner described above, the network operator server 24 would once again load, if necessary, the required software portion onto the service platform server 22 for implementing the desired and requested telephony services. The service platform server 22 would then multitask software service applications which implement the environmental control service and the telephony services for interacting with the remote devices 12-18. Thus, the present invention is seen to be extendible to activate, maintain and control a plurality of connectivity based services on a single service platform server 22 so that this infrastructure can be cost effective.

[0044] The service subscriber or user associated with the local area network 10 can interface with the requested services via, for example, the remote terminals 28 or 30 in order to obtain information associated with those services from remote locations. For example, if the user wishes to obtain information about the environmental control service and how it is performing or about his/her telephony services, such information could be accessed remotely and displayed or otherwise output (e.g., voice output) via the remote terminals 28 or 30. Although the user or subscriber has access to this information via remote or local terminals, the user is preferably not able to control the operation of the service platform server 22. This restriction ensures the security and robustness of the service gateway system.

[0045] The foregoing exemplary embodiment provides a limited, yet illustrative example of the different types of service providers and connectivity based services which may be implemented using techniques according to the present invention. The present invention encompasses a wide variety of service providers and connectivity based services, further exemplary embodiments of which are illustrated in FIG. 3.

[0046] FIG. 3 depicts various potential service providers and connectivity based services. For example, as conceptually illustrated in FIG. 3, open service gateways according to the present invention may be used to integrate many independent service providers to further exploit efficiencies associated with using this same communication and information processing infrastructure. As seen in the figure, potential service providers include power utilities, telecommunication operators, security companies, insurance companies, banks, appliance manufacturers and others. These or other service providers may make available services which can be added to the service gateway which include, for example, utility management services, safety and security services, communication services, telemetry services, home automation services, information services and entertainment services.

[0047] Moreover, the users of service gateways according to the present invention are clearly not limited to household users and residences, but may also include businesses or other entities. For example, a service platform server 22 may provide service support for a businessman or the personnel in an office, an entire office building, an industrial plant, or even a campus-type organizational facility. Additionally, service platform servers 22 according to the present invention are not limited to fixed embodiments, but include mobile embodiments as well.

[0048] FIG. 4 illustrates an exemplary mobile embodiment of the present invention. Applicants anticipate that connectivity based services will soon be desired by mobile users to an extent similar to the demand for mobile communication services today. According to the exemplary embodiment of FIG. 4, a vehicle is depicted having both a service platform server 22 as well as a local client 40 which may be an automobile PC, standard personal digital assistant (PDA) or any type of terminal device. As an alternative to the automobile shown in FIG. 4, the vehicle could be a boat or ship, with the service platform server 22 being used to provide speed, position, course, weather information, battery level and condition, fuel level and consumption information, or other information pertaining to the boat or ship. The vehicle will also contain a wired or wireless LAN (not shown) by which various remote devices within the vehicle may be monitored and/or controlled. The service platform server 22 may also include wireless communication equipment for communicating with the network operator's equipment. The service platform server 22 may also receive global positioning system (GPS) signals in order to provide the service platform server 22 with information regarding the vehicle's current location. Integration of connectivity based services with mobile environments will enable mobile users to have access to offboard, dynamic information sources as are available via the service gateway system. Moreover, services which have been implemented for that user at his/her residence can follow the user to his/her vehicle providing a seamless integration of connectivity based services. Using the GPS receiver, the services can be adapted to the location of the vehicle. For instance, the vehicle location may serve to trigger the update of information or other remote device functionality. Since the vehicle depicted in FIG. 4 may travel over great distances, it is possible that the service platform server 22 mounted therein may be connected to different operators to support services in connection therewith via a wireless connection.

[0049] FIG. 5 depicts an exemplary embodiment of the present invention of a mobile service platform server 22 in connection with the trucking industry. In this embodiment, the truck is outfitted with a service platform server 22 within which various service software client packages have been loaded, denoted by reference numerals 50-53. For example, this particular truck may be employed in the service of two different freight companies, FMS #1 and FMS #2, which coordinate their individual activities using service equipment 55 and 56, respectively. When the truck is employed at any given time by a respective freight management service, the applicable client software package 50 or 51 runs in order to coordinate operations of the truck and communicate information between the appropriate service equipment and the truck. For instance, when the truck is in the employ of the FMS #1, the client software package 50 may be run on the service platform server 22 to provide freight company FMS #1 with information regarding the current location of the truck and its anticipated arrival time of delivery. Similarly, in-vehicle terminal 58 may provide the truck driver with information regarding subsequent deliveries/pick-ups or other information provided by the client software packages 50-53 which are running at any given time on the service platform server 22. Freight broker and yellow page service providers 59 and 60 are provided as other examples of services which may be implemented on the service platform server 22 for a trucking implementation of service gateways according to the present invention.

[0050] According to the exemplary embodiment of FIG. 5, direct connectivity is provided between a communication system (e.g., the Internet 62) and the service platform server 22. Although frequently it will be desirable to interpose an intermediary network operator, there may be certain embodiments of the present invention where the network operator and the associated equipment may be eliminated.

[0051] Several examples of specific services envisioned by Applicants have also been mentioned, although those skilled in the art will appreciate that numerous connectivity based services will likely emerge. For example, utility companies are likely candidates for implementing connectivity based services including automated meter reading, real time pricing (wherein the price per kilowatt-hour may vary based on demand), and automated load control (wherein a subscriber acquires a server that varies the amount and type of electricity consumption on a household-wide or individual load basis based on, for example, the real time price of electricity, time of day and/or other parameters).

[0052] Additionally, Applicants consider secure implementation of these connectivity based services to be important in achieving subscriber satisfaction and acceptance of service gateways according to the present invention. Since various service providers, network providers and, possibly, end users, will share infrastructure, it is important that information and communication associated with each implemented connectivity based service be secure. As mentioned earlier, Applicants envision a preferred embodiment of the present invention to allow only the network operator (and not the subscriber) to have control access to the service platform server 22, which, in part, provides for a more secure platform than if the subscriber was able to control this server. Moreover, Applicants envision widespread usage of other security techniques including data encryption, various authorization and identity verification techniques, etc. to be provided so that the implementation, monitoring and billing associated with these services is robustly defended against intrusion and manipulation.

[0053] FIG. 6 depicts an exemplary software system for implementing the connectivity based service gateway system according to the present invention. Those skilled in the art will appreciate that this exemplary organizational overview of software is provided merely for illustrative purposes. Various software configurations of the present invention are possible, each of which is intended to result in a secure, robust, and compatible connectivity based service gateway which may be remotely managed. For the sake of clarity of illustration, not all elements or connections between the elements of FIG. 6 are shown. For instance, FIG. 6 depicts three service applications in three cells, and seven gates connecting the various elements of the software system. In practice, the software system of the present invention would likely have many more service applications, cells, gates and other elements than those shown in FIG. 6 for illustrative purposes. In addition, the software elements of the service gateway system may be distributed among various units of geographically separated equipment, as shown in FIG. 2.

[0054] Service Applications

[0055] Service applications 70-72 of FIG. 6 implement the connectivity based services which a user may request or subscribe to. As part of implementing a connectivity based service, the service applications 70-72 interact with the devices pertaining to the service being provided, e.g., the remote devices 12-18 of FIG. 2. Such interaction with the remote devices 12-18 may involve operating, controlling, adjusting, monitoring, reading, recording, activating, deactivating, analyzing, playing, or any other type of function involving the remote devices 12-18. The types of connectivity based services provided by service providers 34 of FIG. 2 may include, for instance, services pertaining to utility management services, safety and security services, communication services, telemetry services, home automation services, information services, entertainment services, or the like.

[0056] Because of the need for a secure, robust environment for the service applications 70-72, integrity among the service applications 70-72 and between all applications and communications networks involving the service gateway system is desirable. To achieve a secure, robust environment, different ones of the service applications 70-72 are not allowed to inadvertently interact in such a way that would cause them to fail or detrimentally affect each other. For example, one of the service applications 70-72 such as, e.g., a video telephone service application, may require a great deal of bandwidth for operation. Such a service application would not be allowed to entirely dominate the resources of a service gateway to the extent that other service applications are “starved” of the resources they need to run. Instead, resource requirements may be dynamically allocated based upon a predetermined scheme of maximum allowed or minimum required resources, for a given situation.

[0057] The restriction against inadvertent interaction between the service applications 70-72 does not suggest that the service applications 70-72 are strictly prohibited from any interaction at all. One of the service applications 70-72 may at least indirectly provide a service to another of the service applications 70-72, under a given set of circumstances. For example, it may be the case that the service application 70 controls the audio system of a business office, and the service application 71, having as one of its sensors a noise detection unit, controls the security system of the same business office. In this example, it is desirable for the two service applications 70 and 71 to communicate with each other in order to avoid false alarms due to the audio system under the control of service application 70 being detected by the noise detection unit under the control of alarm system service application 71. An alternative embodiment allows for resource tradeoffs between the service applications 70-72, so as to maximize user benefit for a given amount of resources. For example, it may be the case that two of the service applications 70-71, e.g., a video telephone service application and a 3-D interactive video game, are very resource intensive and cannot be used at the same time. In such a situation, when one of the resource intensive service applications 70-71 is being used and someone seeks to start another (e.g., make a video telephone call while the 3-D game is running), a user prompt may be provided according to a predetermined scheme. The user prompt may, for instance, give the option of using the video telephone at lower picture quality, or inform the user that making the video telephone call will result in lower quality rendering of the 3-D game background images.

[0058] The service applications 70-72 include the boxlets 64-69 within the cells 90-92. The boxlets 64-69 consist of code (which may be the software code, programs, subroutines, arguments, or programming logic) which implements the service associated with one of the service applications 70-72. Cells 90-92 represent the resources made available to the service applications 70-72. Invoking one of the service applications 70-72 causes the boxlet within the applicable cell 90-92 to be performed.

[0059] The development of the boxlets 64-69 is not restricted to any particular software language or operating system. According to this exemplary embodiment, the only code specific to development of the boxlets 64-69 is in class libraries 95 which contain the service application 70-72 program interfaces for the main services layer 100 and the system services layer 110. The boxlets 64-69 may be designated into various categories having different degrees of access restriction for use within the service applications 70-72. Classes, which are boxlets categorized for some extent of access restriction, are maintained in class libraries 95, which are described in more detail below.

[0060] Cells

[0061] The cells 90-92 represent the resources made available to the service applications 70-72. Operations of the cells 90-92 are described in more detail below. Conventional software systems do not use cells such as the cells 90-92 according to the present invention, but instead use processes or some similar software entity to make resources available to a particular application 70-72. The cells 90-92 according to the present invention differ from processes in several fundamental respects. For instance, the cells 90-92 are not allowed to start or stop each other. Therefore, no parent/child relationship exists between the cells 90-92. Also, the number and identities of the cells 90-92 running in a service gateway system are configured through use of a cell table 94. Because of this, the cells 90-92 tend to be more controllable and more static than processes. Unlike processes, the cells 90-92 may be implemented using class loaders 97 in order to provide the encapsulation, protection, and access restriction desired for the service applications 70-72. In addition, unlike processes, the cells 90-92 according to the present invention communicate using the gates 80-86. The design features of the present invention such as the cells 90-92, the gates 80-86, and the other elements of FIG. 6, foreshorten the need for processes within the service applications 70-72, and allow the functions, responsibilities and access of the cells 90-92 to be limited, monitored and controlled.

[0062] According to exemplary embodiments of the present invention, the cells 90-92 are characterized by certain features and attributes. Each of the cells 90-92 has a name which is unique among the cells 90-92. The cells 90-92 may be designated as either permanent or transient. The cells 90-92 designated as permanent are started and then kept, while the cells 90-92 designated as transient are only started on demand. Each of the cells 90-92 may be characterized according to its quota of resources (e.g., CPU, memory, persistent storage, and the like). The cells 90-92 are further characterized by their association with the main libraries 95, including specified classes to which the cell has access. The cells 90-92 may also be characterized by the types of arguments that the cells 90-92 are permitted to send and receive via the gates 80-86. In addition, one or more cells may be characterized as being privileged “system” cells 99, depending on the cell's access to external resources.

[0063] In general, each of the cells 90-92 may be thought of as the resources made available to one of the service applications 70-72. In certain situations, a particular one of the service applications 70-72 may be divided among more than one of the cells 90-92. This may occur in the situation where a particular one of the service applications 70-72 naturally decomposes into layers of functionality, with the upper layers needing fewer rights than the lower layers. Structuring the different layers of a service application 70-72 into different ones of the cells 90-92 reduces the potential for damage by faulty layers or unauthorized access within one cell 90-92. For example, a family may subscribe to a financial service application 70-72 which provides checking accounts for the family members and further provides a stocks trading account. This financial service application 70-72 could be arranged in two of the cells 90-92 to enable the parents to carry special stock quote pagers, and to restrict the family's teenagers from accessing the stock trading account.

[0064] Class Libraries

[0065] To ensure the security and robustness of the service gateway system, there is a distinction between the cells 90-92 which contain the boxlets 64-69, and the class libraries 95 (or “libs”) which also contain the boxlets 64-69. The distinction is that the cells 90-92 may not access the boxlets 64-69 directly from other cells 90-92, but the cells 90-92 may gain access to certain categories of classes (restricted categories of the boxlets 64-69) in the libraries 95. Also, the libraries 95 may access certain categories of classes in other libraries 95. In the situation where two or more of the cells 90-92 are accessing a particular class from a library 95, that class may be thought of as being shared by the cells 90-92, even though the cells 90-92 do not directly access the class from other cells 90-92. One reason for using the class libraries 95 to provide class access to the cells 90-92 is to prevent corruption of the cells 90-92 due to static fields in shared code. If the cells 90-92 were to share classes having static fields, they would, in effect, be accessing the same portions of memory. Such sharing of memory, if uncontrolled, could possibly result in data corruption or unauthorized access, in certain situations. On the other hand, a class that has no static fields may be safely shared between two of the cells 90-92 since there is no way for such objects to leak information between each other. If one of the cells 90-92 has a class containing a static field, any other of the cells 90-92 should use distinct copies of the class rather than having direct access to the class containing the static field.

[0066] In practice, the effective and efficient use of class libraries 95 for controlling access to the various classes makes this aspect of the present invention a desirable means of sharing the boxlets 64-69. One feature of each single class library 95 within the class libraries 95 is that each has a name which is unique among all the libraries 95. In sum, the class libraries 95 are essentially code archives containing, for instance, subdirectories of zip files, jar files, class directories, software code, programs, subroutines, programming logic or the like.

[0067] Various ones of the libraries 95 may contain classes categorized as being either shared, private, or single. A shared class of a library 95 may be shared by different ones of the cells 90-92 or other libraries. For private classes, however, a separate copy of each private class should be stored in a library 95, with that separate copy of the private class being accessed by only one of the cells 90-92. In other words, there is no sharing of private classes among the cells 90-92 or other libraries. There may be private classes for which there should only be one copy, period. In other words, rather than providing each of the cells 90-92 with its own private copy of this class, there is only one single copy of the class to which access is limited to one of the cells 90-92. This latter category of class is known as the single class.

[0068] Since the libraries 95 may use classes from other libraries 95, the inter-library access of classes is registered and tracked in a dependent library list of the libraries 95 from which classes are borrowed. The dependent library list is preferably the property of the library 95 from which the class was borrowed or accessed. In any case, references between the libraries 95 should not be circular. To maintain a robust, secure environment for the service gateway system, the libraries 95 containing shared classes may only reference other libraries 95 containing shared classes, and may not reference libraries 95 which have private classes or single classes.
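The reference rules of paragraph [0068] can be checked mechanically before a set of libraries is accepted. The following is an added example, not code from the application: it assumes each library is tagged with a single category, and the names `Library`, `validate_libraries` and `dependent_lists` and the sample library names are hypothetical.

```python
from dataclasses import dataclass

SHARED, PRIVATE, SINGLE = "shared", "private", "single"

@dataclass(frozen=True)
class Library:
    name: str                  # must be unique among all libraries ([0066])
    kind: str                  # assumption: one category per library
    borrows_from: tuple = ()   # names of libraries whose classes it uses

def validate_libraries(libs):
    """Return a list of rule violations; an empty list means the set is acceptable."""
    problems, by_name = [], {}
    for lib in libs:
        if lib.name in by_name:
            problems.append(f"duplicate library name: {lib.name}")
        by_name[lib.name] = lib
    # Rule: a shared library may reference only other shared libraries.
    for lib in by_name.values():
        for dep in lib.borrows_from:
            target = by_name.get(dep)
            if target is None:
                problems.append(f"{lib.name}: unknown library {dep}")
            elif lib.kind == SHARED and target.kind != SHARED:
                problems.append(
                    f"{lib.name}: shared library references {target.kind} library {dep}")
    # Rule: references between libraries must not be circular.
    # Depth-first search; a library met again while still on the current
    # path (GREY) closes a cycle.
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {name: WHITE for name in by_name}

    def visit(name, path):
        colour[name] = GREY
        for dep in by_name[name].borrows_from:
            if dep not in by_name:
                continue
            if colour[dep] == GREY:
                cycle = path[path.index(dep):] + [dep]
                problems.append("circular reference: " + " -> ".join(cycle))
            elif colour[dep] == WHITE:
                visit(dep, path + [dep])
        colour[name] = BLACK

    for name in by_name:
        if colour[name] == WHITE:
            visit(name, [name])
    return problems

def dependent_lists(libs):
    """Dependent library list, kept per library that classes are borrowed from."""
    result = {}
    for lib in libs:
        for dep in lib.borrows_from:
            result.setdefault(dep, []).append(lib.name)
    return {name: sorted(users) for name, users in result.items()}

# Constructed sample configurations.
GOOD = [Library("lang", SHARED),
        Library("gateway", SHARED, ("lang",)),
        Library("billing", PRIVATE, ("gateway",))]
BAD = [Library("gateway", SHARED, ("billing",)),
       Library("billing", PRIVATE, ("gateway",))]

if __name__ == "__main__":
    print(validate_libraries(GOOD))
    for problem in validate_libraries(BAD):
        print(problem)
```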

[0069] As will be apparent from the foregoing discussion, a particular one of the cells 90-92 may only access its own classes or shared classes. Access to classes by the cells 90-92 is controlled and enforced by class loaders 97 operating in combination with a security manager 98 and the class libraries 95. The security manager 98 may be part of the cell manager 93. The class loaders 97, which load classes to and from the libraries 95, define the area into which a class is grouped. In this way access to a class may be managed. Thus, a class is a set of code to which the extent of access by cells 90-92 is defined. Each of the cells 90-92 may retrieve only the classes to which it has been granted access, for instance, the service gateway system-wide shared classes, classes pertaining to the particular language or code type used to implement the service gateway system, and the cell's own classes.
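The static-field concern of paragraph [0065] and the shared/private/single categories of paragraph [0067] can be seen in a small model. This is an added example, not code from the application: a Python class attribute stands in for a static field, defining the class in a fresh namespace stands in for loading it through a separate class loader, and `ClassLibrary`, `CellClassLoader`, `MeterLog` and the cell names are hypothetical.

```python
import textwrap

SHARED, PRIVATE, SINGLE = "shared", "private", "single"

# Constructed sample class with a "static field": state kept on the class
# object itself rather than on an instance.
METER_SRC = textwrap.dedent("""
    class MeterLog:
        readings = []                # static field: one list per class object

        @classmethod
        def record(cls, value):
            cls.readings.append(value)
""")

class AccessDenied(Exception):
    """Raised when a cell asks for a class it has not been granted."""

class ClassLibrary:
    """Named code archive in which every class carries an access category."""
    def __init__(self, name):
        self.name = name
        self._entries = {}   # class name -> (category, source, owning cell)

    def add(self, class_name, category, source, owner=None):
        if category == SINGLE and owner is None:
            raise ValueError("a single class needs exactly one owning cell")
        self._entries[class_name] = (category, source, owner)

    def entry(self, class_name):
        return self._entries[class_name]

def define_class(class_name, source):
    namespace = {}
    exec(source, namespace)          # fresh namespace, hence a fresh class object
    return namespace[class_name]

class CellClassLoader:
    """Hands out classes to cells according to their category."""
    def __init__(self, grants):
        self.grants = grants         # cell name -> library names it may use
        self._one_copy = {}          # (library, class) -> shared or single copy
        self._per_cell = {}          # (cell, library, class) -> private copy

    def load(self, cell, library, class_name):
        if library.name not in self.grants.get(cell, set()):
            raise AccessDenied(f"{cell} has no grant for library {library.name}")
        category, source, owner = library.entry(class_name)
        key = (library.name, class_name)
        if category == SINGLE and cell != owner:
            raise AccessDenied(f"{class_name} is a single class owned by {owner}")
        if category in (SHARED, SINGLE):
            # One copy only: every permitted caller gets the same class object.
            if key not in self._one_copy:
                self._one_copy[key] = define_class(class_name, source)
            return self._one_copy[key]
        # PRIVATE: each cell receives its own distinct copy of the class.
        cell_key = (cell,) + key
        if cell_key not in self._per_cell:
            self._per_cell[cell_key] = define_class(class_name, source)
        return self._per_cell[cell_key]

def static_field_leak(category):
    """Return what cell B can read after cell A records a meter reading."""
    lib = ClassLibrary("metering")
    lib.add("MeterLog", category, METER_SRC)
    loader = CellClassLoader({"cellA": {"metering"}, "cellB": {"metering"}})
    loader.load("cellA", lib, "MeterLog").record(42)
    return list(loader.load("cellB", lib, "MeterLog").readings)

if __name__ == "__main__":
    print("shared :", static_field_leak(SHARED))    # cell B sees cell A's data
    print("private:", static_field_leak(PRIVATE))   # cell B sees nothing
```

Marking the class shared lets cell B read the value cell A wrote, which is the leak paragraph [0065] warns about; marking it private gives each cell its own copy of the field.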

[0070] Cell Operations

[0071] Starting one of the cells 90-92 involves the creation of an instance of the boxlet's main class with the routines of the initialize (“init”) method and the start method for that cell 90-92. Similarly, each of the cells 90-92 may be terminated by calling the boxlet's stop method and destroy method for that cell 90-92, thus closing all connections to and from the boxlet and stopping what is known as the threads of the cell 90-92. The initialize method, start method, stop method, and destroy method are stored in the class libraries 95. One of the cells 90-92 may be started, or restarted, as a result of a gate request for that cell to the cell manager 93. After receiving a gate request for one of the cells 90-92 and determining that the requested cell 90-92 is not currently running, the cell manager 93 begins the process of starting the requested cell. One of the cells 90-92 which is a permanent cell may also be started if it is discovered not to be running as a result of rereading the cell tables 94, or if the cell manager 93 determines that a permanent cell has crashed.

[0072] The startup of a new one of the cells 90-92 involves opening the class libraries 95 and having the class loaders 97 load and install the appropriate main class in order to create a main gate 80-83. In addition, the cell manager 93 initializes routines called initialize method and start method, as part of the startup process for the new one of cells 90-92 to be created. The cell startup will be successful only if the initialize method returns an appropriate response value before timing out within a predetermined time limit. If the initialize method returns a negative response or exception, or if the initialize method times out, the cell manager 93 may terminate the new cell 90-92 being created. In the case where a new cell is terminated, the initialize method is stopped and the destroy method is called. If the call to initialize method was successful, the cell manager 93 initiates a routine called start method. During the start method the newly created cell 90-92 may terminate the creation process or may simply pause (hang) without completing the start method. If the start method returns a negative response or an exception, the cell manager 93 terminates the new cell 90-92 being created. When such a termination occurs, the cell manager 93 initiates the routines of both stop method and destroy method.

[0073] During the creation of a new cell 90-92, the initialize method may, where authorization is proper, open the gates 80-86 to existing cells 90-92 by using, e.g., the buildgate method. On the other hand, a new cell 90-92 being created is protected from having other ones of the cells 90-92 open gates to the newly created cell during its initialization. Upon finishing the initialize method to complete the initialization phase, and after the start method has been called, new gates may be created from the existing cells 90-92 to the newly created cell 90-92.

[0074] The newly created cell 90-92 is responsible for coordinating its start method and creation of any gates 80-86 to it. This avoids problems associated with having more than one of the cells 90-92 simultaneously call the newly created cell 90-92. The situation in which the initialize method opens one of the gates 80-86 to another cell which in turn directly or indirectly attempts to open another of the gates 80-86 back to the cell may potentially cause a deadlock situation. The cell manager 93 monitors the execution of the various methods during cell creation to avoid such a deadlock situation. When an impending deadlock is detected, the cell manager 93 causes the offending gate request (e.g., opengate, buildgate) to fail.

[0075] If one of the cells 90-92 crashes too many times within a given predetermined time period, the cell manager 93 may disable it. The cell 90-92 remains disabled until it is either replaced as a result of loading a new cell table 94 or reenabled by the cell manager 93 or by the system management application program interface (API).

[0076] One of the cells 90-92 may be stopped by the cell manager 93 for any of several reasons. For instance, a cell 90-92 may be stopped by the cell manager 93 if the cell's initialize method pauses for too long or returns a negative response or an exception. A cell 90-92 may also be stopped if its start method pauses for too long or returns a negative response or an exception. A cell 90-92 may be stopped if its service application 70-72 no longer exists, which may arise as the result of a reread of the cell table 94, for instance. A cell 90-92 may be stopped if its service application 70-72 needs to be restarted because the settings have changed for the libraries 95 pertaining to the cell 90-92 and the service application 70-72. Changes in the settings of the libraries 95 or other changes in the state of a cell 90-92 come to light as a result of a reread of the cell table 94, for instance. A cell 90-92 may also be stopped if the service gateway system, the applicable service platform server 22, or other element of the service gateway system is halted, crashes or otherwise malfunctions.

[0077] One of the cells 90-92 may be terminated by calling the stop method, closing all the imported and exported gates 80-86, calling the destroy method, causing termination of all executing threads of the cell 90-92, and releasing any classes loaded from the libraries 95. Typically, the stop method is called first and should return a response within a predetermined time limit. If a time-out occurs because the stop method has not responded, the cell manager 93 may terminate the stop method. While the stop method is being performed, it may open new gates 80-86 to the other cells 90-92, but is protected from having to grant requests for new gates to the cell 90-92 being stopped. Upon completion of the stop method, all gates 80-86 will have been closed to and from the cell 90-92 being stopped.

[0078] Typically, after a cell 90-92 is stopped, the destroy method may be called to destroy the cell 90-92 no longer desired. The destroy method should also respond within a predetermined time limit. If a time-out occurs because the destroy method has not responded, the cell manager 93 may terminate the stop method. As a final measure in destroying one of the cells 90-92, all threads, connections, gateways and other avenues of communication are destroyed, preventing them from communicating to or from the cell. Upon termination, the cell 90-92 which was terminated ceases to exist and can no longer be reached by any other of the cells 90-92. The terminated cell is then garbage collectable.

[0079] To perform useful functions, the cells 90-92 must be able to communicate among one another. Also, some of the cells 90-92 may need limited access to external resources such as devices, files, sockets, programs or the like. Inter-cell communication for the cells 90-92 is achieved through the use of gates such as the gates 80-86 of FIG. 6. In a preferred embodiment for accessing external resources, responsibility and authority for accessing external resources is vested in a set of trusted “system” cells, such as system cell 99 of FIG. 6. This means of accessing external resources may be implemented by supporting privileged system cells 99 characterized by full access to the system area services layer 110. Also, the authority of the security manager 98 over the system cells 99 would be disabled. For illustrative purposes because of the significant differences between the system cell 99 and the cells 90-92, the system cell 99 is reflected as being a part of the system services layer 110.

[0080] Alternative embodiments for accessing external resources involve requests for accessing external resources being made by the cells 90-92 directly to the cell manager 93 or to the security manager 98. Such methods of managing the access to external resources have the drawback of unnecessarily placing too much functionality in the cell manager 93 or the security manager 98, thus slowing down operation of the service gateway system and increasing the possibility of operational failures. It is better to reserve the resources of the cell manager 93 to handling existing functions and communication matters.

[0081] Gates

[0082] The gates 80-86 provide and control inter-cell communication. Without gates 80-86, the cells 90-92, in their basic form, are isolated from each other and from the outside world. Absent some mode of inter-cell access, even the system cells 99 cannot communicate with other cells. What is lacking in the cells 90-92 is a form of inter-cell communication. The gates 80-86 provide and control inter-cell communication. In doing so, the gates 80-86 support methods for cell termination and facilitate the addition of resource management, without compromising integrity of the cells 90-92. In fact, the gates 80-86 are the mechanisms used to achieve application integrity. The cells 90-92 do not obtain direct references to objects in other cells 90-92, but instead communicate to the other cells 90-92 via the gates 80-86. Thus, the gates 80-86 serve as controlled interfaces as the service applications 70-72 within the cells 90-92 interact with each other, with the main services layer 100, or with system services layer 110. The interface parameters and control aspects of the gates 80-86 are defined at the time of creation for each of the gates 80-86, but may later be modified by the gate manager 96 of the main layer 100.

[0083] The gates 80-86, which each represent an inter-cell connection, are characterized by the following features. The gates 80-86 are each specific to one pair of the cells 90-92 and cannot be handed over to another cell or a third party. Each of the gates 80-86 works locally within a single local operating environment such as a Java Virtual Machine (JVM), or the like. In an alternative embodiment, remote gates may be provided which reside in multiple JVMs. No particular local operating environment is required for development of the gates 80-86; different particular ones of the gates 80-86 could be implemented in different local operating environments. The gates 80-86 may be closed by the cells 90-92 at either side of the gate 80-86. Each of the gates 80-86 is automatically closed if either of the cells 90-92 associated with the gate on either side of the gate is terminated. One of the cells 90-92 may request notification when a gate 80-86 associated with it closes.

[0084] The logic, processes and/or mechanisms for creating the gates 80-86 are transparent; there is no requirement for a separate stub compiler dedicated to creating the gates 80-86. A stub compiler generates the source code, or boxlets, of classes based on the specifications and parameters of the class. To create a gate to one of the cells 90-92, the stub compiler uses the specifications and parameters of the cell 90-92 to which the gate is being created. In effect, the stub compiler produces source code or the boxlets 64-69 for a class which implements the same interface specifications and parameters as the requested cell 90-92. Thus, the creation of one of the gates 80-86 may be thought of as exporting an interface. As a practical matter, the gates 80-86 may be initiated by a routine or method in addition to use of interface glue consisting of classes or the boxlets 64-69 produced by the stub compiler.

[0085] One of the gates 80-86 may be created upon request from the service applications 70-72 and issued by the gate manager 96 after checking that the requesting service application 70-72 is authorized to receive the gate 80-86 of the specified type. An exemplary process for creating a gate may proceed as follows, for creation of the gate 84 between the cells 90 and 91. For example, the cell 90 may request a connection to the cell 91 by calling a program or method of the main gate 80 for opening a gate (e.g., the routine called the “opengate” method). In response to this gate request, the main gate 80 verifies whether the cell 91, the server cell, exists and access to the cell 91 is permitted. The main gate 80 starts the server where the cell 91 resides, e.g., service platform server 22, if it is not already running. The main gate 80 calls a program of the server for creating the gate, e.g., the “boxlet.buildgate( )” method.

[0086] If the gate 84 being created is of a new gate type, the main gate 80 may invoke a stub compiler to produce a proxy class for the gate object returned by “buildgate.” Such a proxy class need be initiated only once for each new gate type. The main gate 80 records the newly created gate 84 and any proxy (if necessary) in import/export tables within the main services layer 100. Import/export tables may be located in the memory containing the cell table 94 and/or the class libraries 95. Recording the newly created gate 84 in this manner allows the gate 84 to be closed when either of the cells 90 or 91 terminates. The proxy is then returned to the client cell 90.

[0087] In general, every object, except for certain shared classes, belongs to one of the cells 90-92. Consequently, all arguments and return values resulting from a communication via the gates 80-86 should either be copied or else represented by a proxy on the other side of the gate 80-86. The gates 80-86 may use proxies structured much like a gate in order to send certain types of objects which may not be serialized. The use of proxies enables gates 80-86 to operate at relatively high speeds, allowing them to perform simple copying of certain types of objects rather than serializing all objects.

[0088] Without the use of such proxies, it would be impossible to send a listener across one of the gates 80-86. Listeners are entities, or classes, that have been registered to receive event notifications from other classes upon the occurrence or pending occurrence of a specified event. Whenever an event of the specified type occurs, a predetermined operation is invoked within the listener. For example, the occurrence of an alarm indication within the fire alarm service application of a household could invoke a listener within an audio system control service application to shut down the household's audio system so the fire alarm could be heard. Aside from listeners, another use of proxies for sending non-serialized objects is for the sending of input/output (I/O) streams.

[0089] Access rules may be used to control access or communication permissions between the cells 90-92. Specific access rules override more general access rules, in case of any conflict or inconsistency between access rules. As an example of access rules being used to control access, consider the previous example of the gate 84 being built between the cell 90 and the cell 91 of FIG. 6. For instance, if the cell 90 tries to open a gate to the cell 91 (assuming the gate 84 is not open), the rules are searched to determine whether access is allowed. If no match is found, the request, e.g., the opengate method, is denied. If the rules allow access, the cell manager 93 attempts to contact the cell 91 by calling a program or method within the cell 91 which controls gate access. The extent of access allowed and the access mode permitted in the rules is an indication to the cell 91 of the level of service to grant to the cell 90. The interpretation of the rules pertaining to access and the extent of access to be granted is preferably up to the cell 91 which is granting the access, but may be accorded to the cell manager 93, in an alternative embodiment, either for deciding or for verifying the decision of the cell 91.

[0090] As a means of keeping track of the access rules assigned to various ones of the cells 90-92, groups may be formed for the cells 90-92 having the same access rules. Such groups form a convenient shorthand for the number and type of access rules pertaining to particular cells 90-92. Groups typically consist of a list of the cells 90-92 and/or other groups, all of which have the same set of access rules.
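The gate-opening check of paragraphs [0085]-[0086] and the rule lookup of [0089]-[0090] can be sketched as follows. This is an added example, not code from the application: the cell names, group names, access modes and the depth-based reading of "specific overrides general" are assumptions, and an explicit deny rule (mode `None`) is an addition beyond the text.

```python
from dataclasses import dataclass

# Constructed sample data: cell names, group names and access modes are hypothetical.
GROUPS = {"sensors": {"thermo", "smoke"}, "all": {"sensors", "audio", "alarm"}}
# (client selector, server cell, access mode); a mode of None is an explicit deny.
RULES = [("all", "alarm", "read"), ("sensors", "alarm", "notify"),
         ("smoke", "alarm", "full"), ("audio", "alarm", None)]


def membership_depth(cell, selector, groups, seen=frozenset()):
    """0 if selector names the cell, n if it sits n group levels down, None if no match."""
    if selector == cell:
        return 0
    if selector in seen or selector not in groups:  # cycle guard / plain cell name
        return None
    found = [membership_depth(cell, m, groups, seen | {selector}) for m in groups[selector]]
    found = [d for d in found if d is not None]
    return min(found) + 1 if found else None


def resolve(client, server, rules=RULES, groups=GROUPS):
    """Most specific matching rule wins; no match at all means the request is denied."""
    matches = []
    for selector, target, mode in rules:
        depth = membership_depth(client, selector, groups) if target == server else None
        if depth is not None:
            matches.append((depth, mode))
    return min(matches, key=lambda m: m[0])[1] if matches else None


@dataclass
class Gate:
    client: str
    server: str
    mode: str
    is_open: bool = True


class GateManager:
    def __init__(self, cells, rules=RULES, groups=GROUPS):
        self.cells, self.rules, self.groups = set(cells), rules, groups
        self.table = {}      # import/export table: (client, server) -> Gate
        self.listeners = {}  # cell -> callbacks run when one of its gates closes

    def opengate(self, client, server):
        if client not in self.cells or server not in self.cells:
            raise PermissionError("unknown or terminated cell")
        mode = resolve(client, server, self.rules, self.groups)
        if mode is None:
            raise PermissionError(f"{client} -> {server}: access denied")
        gate = self.table.get((client, server))
        if gate is None or not gate.is_open:
            # Keyed by the cell pair, so a gate cannot be handed to a third cell.
            gate = self.table[(client, server)] = Gate(client, server, mode)
        return gate

    def on_close(self, cell, callback):
        self.listeners.setdefault(cell, []).append(callback)

    def terminate(self, cell):
        """Close every recorded gate touching the cell and notify the surviving side."""
        self.cells.discard(cell)
        closed = [g for g in self.table.values()
                  if g.is_open and cell in (g.client, g.server)]
        for gate in closed:
            gate.is_open = False
            survivor = gate.server if gate.client == cell else gate.client
            for callback in self.listeners.get(survivor, []):
                callback(gate)
        return closed
```

Recording each gate in the table at creation is what lets `terminate` find and close it later, which is the purpose paragraph [0086] gives for the import/export tables.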

[0091] The service applications 70-72 are not required to export any gate interfaces (i.e., be connected by any gates), with the exception that each of the service applications 70-72 must always have at least one of the main gates 80-82 associated with it. One purpose of each of the main gates 80-82 is to provide the interfaces needed for communication with the cells 90-92 and the gate manager 96.

[0092] Cell Manager

[0093] The cell manager 93 provides one of the main gates 80-82 to each one of the cells 90-92 at the time it is created. In practice, each of the main gates 80-82 may be handed to the newly created one of the cells 90-92 as an argument in the form of “boxlet.init*( ).” The cell manager 93 performs several functions pertaining to the cells 90-92. The cell manager 93 performs its functions via the main gates 80-82. For instance, the cell manager 93 uses the main gates 80-82 to request a name for each of the cells 90-92 and also to terminate the cells 90-92. The cell manager 93 uses main gates 80-82 to open and close other gates such as the gates 83-86. The cell manager 93 also uses main gates 80-82 to add and remove gate listeners. The system services layer 110 of FIG. 6 provides general services 76-79 which the service applications 70-72 may use. The general services 76-79 of the system services layer 110 are implemented in the same manner as the service applications 70-72. In other words, they are implemented in the form of the boxlets 64-69 executing within cells. Likewise, interfaces offered by the general services 76-79 of the system service layer 110 are exported in the form of gates such as the gates 80-86.

[0094] The cell manager 93 is responsible for starting or activating cells 90-92 as well as stopping and destroying cells 90-92. A new one of cells 90-92 will not be activated unless it is complete. This ensures that the cells 90-92 of the service gateway system are at all times complete. The cell manager 93 manages operation of the cells 90-92 so that the right set of the cells 90-92 are running to provide tasks pertaining to the service applications 70-72 that are required at a given time. In performing these functions, the cell manager 93 considers information stored in the cell table 94 which specifies the cells 90-92 that should be running on the service gateway system. The cell manager 93 handles access control by determining the gates 80-86 to be created between the cells 70-72. Furthermore, the cell manager 93 handles resource management so that no single one of the cells 90-92 consumes too much of the service gateway system or service platform server 22 resources, e.g., CPU time, memory, persistent storage, and the like. These and other design aspects of the service gateway system ensure the security, isolation and robustness of the service applications 70-72, facilitate management of service applications 70-72 lifetimes, and allow resource management for cells 90-92.

[0095] Upon booting the service platform server 22 shown in FIG. 2, the cell manager 93 reads the cell table 94 into memory and starts up the specified service applications 70-72. The cells 90-92 may be designated as either permanent or transient. The cells 90-92 designated as permanent are started and then kept running. If one of the permanent cells 90-92 crashes, it is restarted. The cells 90-92 designated as transient are only started on demand. For instance, when another cell attempts to contact one of the transient cells 90-92, the transient cell is started.

[0096] When the service gateway software configuration is changed as a result of updating the cell table 94 or upon booting the service platform server 22, a number of actions take place which may potentially cause timing problems. The various code classes, methods, programs, subroutines, or the like, of the service applications 70-72 may have to be started in a certain order to avoid software glitches or operational malfunctioning. In general, it is exceedingly difficult, if not impossible, to automatically and accurately determine the correct boot sequence, since a service application 70-72 may dynamically request a gate 80-86 to another service application 70-72 in an unpredictable way. The use of the cell table 94 according to the present invention avoids such problems.

[0097] Cell Table

[0098] The cell table 94 serves as a dedicated place for storing the state of the service applications 70-72. By having the necessary state information stored in the cell table 94, the cell manager 93 is free to boot the service applications 70-72 of the cells 90-92 in any order. Upon booting a particular service application 70-72, its cell 90-92 may request one of the gates 80-86. If one of the cells 90-92 requests a gate 80-86 to another of the cells 90-92 that has not yet started, the gate request is paused while the requested cell 90-92 starts up. The procedure works equally well for permanent cells and transient cells. Because of the robustness and reliability afforded during bootup, it is preferred to use the cell table 94 and the cell manager 93 for keeping track of the state of the service applications 70-72. Hence, it is preferable that the service applications 70-72 be prohibited from registering themselves during startup.

[0099] Use of the cell table 94 allows the cell manager 93 to be able to cease operations and restart from any level, both in situations where operations are purposely stopped and when operations crash, which is one of the purposes of the service gateway system. When the service platform server 22 boots, the cell manager 93 attempts to start the cell 90-92 associated with the service platform server 22 at the last complete configurations of service applications 70-72 listed in the cell table 94. If this is unsuccessful because of error or configuration failure or some other reason, the cell manager 93 attempts to boot the service platform server 22 using various alternatives from a fallback list.

[0100] Adding a new one of the service applications 70-72 may involve changes in one or more of the cells 90-92. For instance, a temperature control system service application may be added which uses existing sensors and also some new sensors. The installation of a temperature control system service application with new sensors may require that some classes of code from class libraries 95 be downloaded. As a result of the changed state of the temperature control system service application, a new cell table 94 should be generated listing the new state of the affected cells 90-92. The new cell table 94 should also be activated. Once this has taken place, the cell manager 93 will be able to dynamically sort out the necessary steps to activate the new temperature control system service application, regardless of its previous condition or state.

[0101] The cell table 94 may be thought of as containing the system configuration which drives the actions of cell manager 93. As part of routine maintenance or in response to an error event, the cell manager 93 may be periodically prompted to reread the cell table 94. When this occurs, the cell manager 93 stops old inactive cells 90-92 that are no longer listed in the cell table 94 and starts any newcomers which are listed in the cell table 94 but are not active or running. The reread request may be part of the system management application program interface (API), making it normally unavailable to the cells 90-92. A request to the cell manager 93 to reread the cell table 94 may result in a number of activities taking place, including, setting the system log stream, setting the load path for class libraries 95, setting the active cell table 94 list, prompting a cell table 94 reread, starting or restarting the service gateway system, and/or halting the service gateway system.
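The table-driven lifecycle of paragraphs [0095]-[0101] (boot with a fallback list, permanent versus transient cells, a gate request that waits for its target cell, and the reread that stops delisted cells and starts newcomers) is sketched below. This is an added example, not code from the application; the `starter` hook, the method names and the table format are assumptions.

```python
class CellManager:
    """Drives cell lifecycle from a cell table of {cell name: "permanent" | "transient"}."""

    def __init__(self, starter):
        # Hypothetical hook: starter(name) raises if the cell cannot be started.
        self.starter = starter
        self.table, self.running = {}, set()

    def boot(self, tables):
        """Try the last complete table, then each fallback; returns the index that booted."""
        for index, table in enumerate(tables):
            started = set()
            try:
                for name in sorted(table):
                    if table[name] == "permanent":  # transient cells wait for demand
                        self.starter(name)
                        started.add(name)
            except Exception:
                continue  # this configuration failed: move on to the next fallback
            self.table, self.running = dict(table), started
            return index
        raise RuntimeError("no bootable configuration in the fallback list")

    def reread(self, table):
        """Stop cells no longer listed, start permanent newcomers; returns (stopped, started)."""
        stopped = sorted(self.running - set(table))
        self.running -= set(stopped)
        self.table = dict(table)
        started = []
        for name in sorted(table):
            if table[name] == "permanent" and name not in self.running:
                self.starter(name)
                self.running.add(name)
                started.append(name)
        return stopped, started

    def request_gate(self, client, server):
        """A gate request to a listed cell that is not running waits while it starts."""
        if server not in self.table:
            raise LookupError(f"{server} is not in the active cell table")
        if server not in self.running:
            self.starter(server)
            self.running.add(server)
        return (client, server)

    def crashed(self, name):
        """Permanent cells are restarted after a crash; transient ones stay down."""
        self.running.discard(name)
        if self.table.get(name) == "permanent":
            self.starter(name)
            self.running.add(name)
            return True
        return False
```

Because cells never register themselves and every start goes through the table, boot order does not matter: a request for a cell that is listed but not yet running simply triggers its start.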

[0102] In addition to managing the creation and destruction of the cells 90-92, the cell manager 93 and the cell table 94 are also involved in inter-cell communication and security. The information stored in the cell table 94 pertaining to the access granted to the cells 90-92 is integral to inter-cell communication and security. An exemplary format of the cell table 94 may contain four or more types of entries pertaining to the identity of cells 90-92. For instance, such an exemplary format of the cell table 94 contains a description of the cells 90-92, information about the classes in libraries 95 associated with each of the cells 90-92, the various degrees of access afforded each of the cells 90-92, and the association of any cell groups to the cells 90-92.

[0103] The information stored in the cell table 94 allows the service platform server 22 to be switched on the fly to a new configuration of a service application 70-72. For instance, the cell manager 93 may be notified of a new configuration of one of the service applications 70-72 by a service provider 34 of FIG. 2. The cell manager 93 will then update to the new configuration by stopping the existing configuration of the service application 70-72, if it is running, and starting the new configuration. In this way, service may continue undisturbed while configuration updates take place. This ensures smooth updates together with complete crash protection.

[0104] System Services

[0105] The system services 76-79 of the system services layer 110 include a management system service 76, an information publishing system service 77, a local net system service 78, and a communication and storage system service 79. The management system service 76 provides an external interface through which the service applications 70-72 may be downloaded, installed, removed, executed, and controlled. The information publishing system service 77 contains a server such as, for instance, an HTTP server, through which the service applications 70-72 can publish or transmit information for display. This allows the service applications 70-72 to make information available to client terminals 20, 28 or 30 in both the local network 10 and external networks such as the Internet 26 of FIG. 2. The local network services 78 provide the proper interfaces and drivers which allow the service applications 70-72 to communicate with the devices 12-18 on the local network 10 as well as external networks such as the Internet 26 or GSM 32 of FIG. 2. The communication and storage system service 79 provides persistent storage that the service applications 70-72 may use for communicating among themselves and with entities in the external networks.

[0106] While the present invention has been described using the foregoing exemplary embodiments, these embodiments are intended to be illustrative in all respects, rather than restrictive of the present invention. Thus, the scope of the present invention is instead set forth by the appended claims and encompasses any and all equivalents and modifications embraced thereby.

What is claimed is:
 1. A system for controlling operation of a service comprising: at least one remote device associated with said service; a local area network connected to said at least one remote device; service gateway equipment connected to said local area network; network operator equipment connected to said service gateway equipment for selectively loading a first portion of software associated with said service onto said service gateway equipment; and service provider equipment connected to said network operator equipment via a communication link for providing said at least said first portion of software to said network operator equipment; wherein said service gateway equipment runs said first portion of software to interact with said at least one remote device.
 2. The system of claim 1, wherein said communication link is the Internet.
 3. The system of claim 1, wherein said at least one remote device includes a sensor.
 4. The system of claim 3, wherein said at least one remote device is a thermostat and said at first portion of software runs to operate said thermostat and control temperature.
 5. The system of claim 1, wherein control and maintenance of said service gateway equipment is performed by said network operator equipment.
 6. The system of claim 5, wherein said service provider equipment loads a second portion of software associated with said service into said network operator equipment, said second portion of software including control and maintenance instructions for supervising said service gateway equipment implementation of said service.
 7. The system of claim 1, wherein said at least one remote device includes a transducer.
 8. The system of claim 1, wherein said at least one remote device includes a processor.
 9. The system of claim 1, wherein said at least one remote device includes an electricity meter and said service is automated meter reading.
 10. The system of claim 1, wherein said at least one remote device includes an electricity meter and said service is real time electricity pricing.
 11. The system of claim 1, wherein said at least one remote device includes an electricity meter and said service is automated electricity load control.
 12. The system of claim 1, further comprising: a client device connected to said system for allowing a subscriber of said service to interact therewith.
 13. The system of claim 12, wherein said client device is directly connected to said local area network.
 14. The system of claim 12, wherein said client device is connected to said system via a radiocommunication system.
 15. The system of claim 1, further comprising: a smart card containing a third portion of software associated with said service, the user loading the third portion of software contained in the smart card onto the service gateway equipment for implementing the service.
 16. A method for providing at least one utility service to a user comprising the steps of: providing at least one remote device associated with a first utility service; providing a local area network connected to said device; connecting a service platform server to said local area network; selectively loading software associated with said first utility service onto said service platform server from a first service provider equipment; and operating said first utility service to control said at least one remote device using said loaded software.
 17. The method of claim 16, wherein said step of connecting further comprises the step of: directly connecting said service platform server to said local area network using a cable or wire.
 18. The method of claim 16, wherein said service platform server is dedicated to operating services.
 19. The method of claim 16, further comprising the steps of: selectively loading software associated with a second utility service onto said service platform service from a second service provider equipment; and operating said second utility service to control said at least one remote device.
 20. The method of claim 19, wherein said first utility service is automated meter reading and said at least one remote device is an electricity meter.
 21. The method of claim 19, wherein said second utility service is automated load control and said at least one remote device is an electricity meter.
 22. The method of claim 16, wherein said step of operating further comprises the steps of: distributing software associated with said first utility service across processors in addition to said service platform server; and running said distributed software to operate said first utility service.
 23. The system of claim 13, wherein said client has a display and an output of information associated with said service is adjusted based on a size of said display.
 24. A software system for controlling operation of a service, the software system comprising: a service application controlled by a network operator for interacting with at least one remote device connected to a local area network and associated with said service, the service application consisting of one or more boxlets; a plurality of cells, at least one of the plurality of cells residing on service gateway equipment connected to said local area network, a one of the plurality of cells comprises software resources made available to the service application; and a plurality of gates which provide and control inter-cell communication between ones of the plurality of cells; wherein the one or more boxlets of the service application reside within a one of the plurality of cells.
 25. The software system of claim 24 for controlling operation of a service, further comprising: a cell manager for controlling the software system, the cell manager being accessed only by the network operator.
 26. The software system of claim 24 for controlling operation of a service, further comprising: a main gate between the cell manager and the one of the plurality of cells containing the boxlets of the service application.
 27. The software system of claim 26 for controlling operation of a service, wherein the boxlets of the service application are selectively loaded by the network operator via the main gate.
 28. The software system of claim 24 for controlling operation of a service, wherein at least a portion the boxlets for the service application is dedicated to a service provider.
 29. The software system of claim 25 for controlling operation of a service, wherein the cell manager communicates via Internet with the one of the plurality of cells containing the boxlets of the service application.
 30. The software system of claim 24 for controlling operation of a service, further comprising: classes, each of the classes comprising boxlets categorized for restricted access by certain ones of the plurality of cells.
 31. The software system of claim 24 for controlling operation of a service, further comprising: a class libraries for storing a classes, access to the class library being restricted to authorized ones of the plurality of cells. 